Impact 6.0 from Core Security is a pure penetration testing tool. It is optimized for production use and comes with a suite of pre-programmed exploits. The support agreement provides regular updates with new exploits. Users can write their own exploits and can add to existing ones in the library. Impact can perform pre-configured scenarios or individual exploits.
Penetration tools tend to be designed for very skilled users. They often run from command lines and run individual exploits only. While this is adequate for a research laboratory, for production testing of large networks speed, accuracy and repeatability are critical. This is where Core Impact 6.0 shines. This is a product developed for the savvy penetration tester.
Impact can perform a set of pre-programmed functions that sequentially scan the entire network for vulnerabilities, attempt to penetrate, attempt to plant mini-shells and continue testing. Alternatively, and most important for the skilled penetration tester, individual exploits can be run, shells planted in the target and the exploit confirmed. Exploits are written in Python and conform with the CVE (common vulnerabilities and exposures). We know of no other product that performs penetrations in this manner.
The product tracks all actions of the user and creates a detailed log of the user’s behavior as well as that of the program. Several stock reports are available and reports can be customized.
Finally, documentation is very good with all of the information needed to implement. Support is first rate and, although the product seems pricey, that license covers an unlimited range of IP addresses. This actually places it at the low end of the scale for scanners. We rate Core Impact as Lab Approved for its comprehensive capability in a production environment, performance and ease of use.
Core Impact 6.0 has been rated Lab Approved by SC Magazine.